Product and Support News

AuthPoint Passkeys for OIDC: Now Available

Passkeys for OIDC in AuthPoint is now generally available, following the Open Beta that ran from February 5th through February 19th.

What's new

AuthPoint now supports FIDO2 passkeys as an authentication method for OIDC-based resources. With this release, users can authenticate to FireCloud, Microsoft External Authentication Methods, and any OIDC application integrated through AuthPoint using passkeys, without a password.

Authentication is performed using device biometrics (Face ID, Touch ID, Windows Hello) or a device PIN to unlock the passkey, which then completes the cryptographic handshake with the application. The private key stays on the user's device and is never transmitted; AuthPoint stores and verifies the public key. This design makes passkey authentication phishing-resistant by default, meeting phishing-resistant MFA requirements found in common compliance frameworks and cyber insurance policies.

Users do not need the AuthPoint mobile app to use passkeys.

What administrators need to know

Passkey availability is controlled per OIDC resource through Zero Trust Policies in WatchGuard Cloud. You can enable passkeys for specific applications, roll out access gradually, or restrict passkey use to high-security resources while keeping other authentication options available elsewhere.

When a user authenticates with a passkey, the combination of device possession and biometric or PIN verification satisfies MFA requirements. AuthPoint treats passkey authentication as complete.

Passkey private keys are managed by the user’s device platform (Apple iCloud Keychain, Google Password Manager, or Windows WebAuthn) or by hardware security keys such as YubiKey.

Licensing

Passkeys for OIDC are included with both AuthPoint MFA and AuthPoint Total Identity Security licenses at no additional cost.

Getting started

Refer to the AuthPoint release notes and the AuthPoint Help Center for configuration steps. For questions, contact your WatchGuard Account Manager or reach out through standard support channels.

 
